Installing Openssh on the Alpine Docker Container

Installing OpenSSH on the Alpine Docker Container

Run apk update first. The below paste contains a complete example:

    ole@T:~$ docker run -it --rm alpine /bin/ash
    / # apk update
    fetch http://dl-4.alpinelinux.org/alpine/v3.3/main/x86_64/APKINDEX.tar.gz
    fetch http://dl-4.alpinelinux.org/alpine/v3.3/community/x86_64/APKINDEX.tar.gz
    v3.3.1-97-g109077d [http://dl-4.alpinelinux.org/alpine/v3.3/main]
    v3.3.1-59-g48b0368 [http://dl-4.alpinelinux.org/alpine/v3.3/community]
    OK: 5853 distinct packages available
    / # apk add openssh
    (1/3) Installing openssh-client (7.1_p2-r0)
    (2/3) Installing openssh-sftp-server (7.1_p2-r0)
    (3/3) Installing openssh (7.1_p2-r0)
    Executing busybox-1.24.1-r7.trigger
    OK: 8 MiB in 14 packages

Running OpenSSH in an Alpine Docker Container

A container is not a full installed environment.
The official document is for that installed alpine on some machine.
With power on, boot up services, etc. that a container does not have.

So, anything in /etc/init.d/ can not be used directly in a container which is used by boot up service (like systemd, or alpine's rc*). That's why you got error messages cause the rc* isn't installed in the container.

What you need to do is start sshd manuanlly.
You can take look on below example:

https://hub.docker.com/r/danielguerra/alpine-sshd/~/dockerfile/

Setup Docker Container with SSH server?

In order to start, the SSH daemon does need host keys.

Those does not represents the keys that you are going to use to connect to your container, just the keys that define this specific host.

A host key is a cryptographic key used for authenticating computers in the SSH protocol.

Source: https://www.ssh.com/ssh/host-key

So you have to generate some keys for your host, you can then safely ignore those if you do not really intend to use them.

Generating those keys can be done via

ssh-keygen -A

So in your image, just adding a

RUN ssh-keygen -A

should do.

For the record, here is my own sshd Alpine image:

FROM alpine

RUN apk add --no-cache \ 
        openssh \
    && ssh-keygen -A \
    && mkdir /root/.ssh \
    && chmod 0700 /root/.ssh \
    && echo "root:$(openssl rand 96 | openssl enc -A -base64)" | chpasswd \
    && ln -s /etc/ssh/ssh_host_ed25519_key.pub /root/.ssh/authorized_keys

EXPOSE 22

CMD ["/usr/sbin/sshd", "-D", "-e"]

Extra notes:

  • I am reusing the SSH keys generated by ssh-keygen -A, exposing them in a volume, this is the reason why I am doing the command:
    ln -s /etc/ssh/ssh_host_ed25519_key.pub /root/.ssh/authorized_keys
  • Because this is just an Ansible node cluster lab, I am SSH'ing this machine as the root user, this is why I need the, quite insecure
    echo "root:$(openssl rand 96 | openssl enc -A -base64)" | chpasswd

How to install SSHFS inside Alpine container?

In order to run SSHFS inside container it requires privileged permissions.

Install SSHFS by adding this line in Dockerfile:
RUN apk update && apk add sshfs;

Run container:
docker run --privileged=true -it --rm --name alpine-app transfers-image

Getting ssh-keygen in Alpine docker

Thanks to @PrasadK - which nudged me along, the answer to Node-
Red new Projects feature since version 0.18.3 - in order to have a remote repo - using this function in Node-Red Projects, the underlying docker image requires ssh-keygen. Do this in the Dockerfile with:

......
RUN   apk update && \
      apk add --no-cache \
      openssh-keygen
......

ssh troubleshooting, connecting to alpine docker image ssh_exchange_identification: Connection closed by remote host

sshd isn't running in your container. If you create a file called entrypoint.sh in your directory containing this

#!/bin/sh
ssh-keygen -A
/usr/sbin/sshd -D -e

and change your Dockerfile to

FROM alpine:3.13

# utils
RUN apk add openssh \
    && apk add nano

#Enable ssh login
RUN apk add openrc && rc-update add sshd \
    && sed -i '/^#Port 22/s/^#//' /etc/ssh/sshd_config \
    && sed -i '/^#PasswordAuthentication/s/^#//' /etc/ssh/sshd_config \
    && sed -i '/^#PermitEmptyPasswords no/s/^#PermitEmptyPasswords no/PermitEmptyPasswords yes/' /etc/ssh/sshd_config \
    && sed -i '/^#PermitRootLogin prohibit-password/s/^#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config \
    && echo "root:Docker!" | chpasswd

COPY entrypoint.sh /entrypoint.sh

ENTRYPOINT ["/entrypoint.sh"]

Then it'll work

Pull ssh-client container via docker-compose

If you search over dockerhub where all the public images reside, you will find that all the "ssh-client" popular images there are simply building on top of alpine and installing openssh-client exactly that way you described it.

So there is no obvious benefit in using those existing images. Just install the ssh-client via:

RUN apk update && apk-install openssh-client

Related Topics

Git Aliases - Command Line Autocompletion of Branch Names

Svn In-Place Import and Checkout

Subversion Web Interface

Linux: How to Force a Specific Network Interface to Be Used

Convert a Fixed Width File from Text to CSV

How to Create Solr 6 Cores

Best File System for Serving 1Gb Files Using Nginx, Under Moderate Write, Read Performance-Wise

Docker Compose: Error While Loading Shared Libraries: Libz.So.1: Failed to Map Segment from Shared Object: Operation Not Permitted

Docker Load and Save: "Archive/Tar: Invalid Tar Header"

Process Permanently Stuck on D State

How to Recursively List All Files and Directories

Bash: /Bin/Tar: Argument List Too Long When Compressing Many Files with Tar

How to Conveniently Sync a File Between Two Git Repositories

How to Programmatically Switch to a Specific Window in Compiz

Docker Not Starting " Could Not Delete the Default Bridge Network: Network Bridge Has Active Endpoints""

Why Would It Be Impossible to Fully Statically Link an Application

I Want to Remove Multiple Line of Text on Linux

How to Diff a Directory for Only Files of a Specific Type


Leave a reply



Submit